June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
3.3. Enabling/Disabling a Service (xinetd)
Problem
You want to prevent a specific TCP service from being invoked on your system by xinetd .
Solution
If the service’s name is “myservice,” locate its configuration in /etc/xinetd.d/myservice or /etc/xinetd.conf and add:
disable = yes
to its parameters. For example, to disable telnet , edit /etc/xinetd.d/telnet:
service telnet
{
...
disable = yes
}Then inform xinetd by signal to pick up your changes:
# kill -USR2 `pidof xinetd`
To permit access, remove the disable line and
resend the SIGUSR2 signal.
Discussion
Instead of disabling the service, you could delete its xinetd configuration file (e.g., /etc/xinetd.d/telnet), or even delete the service’s executable from the machine, but such deletions are harder to undo. (Don’t remove the executable and leave the service enabled, or xinetd will still try to run it and will complain.)
Alternatively use ipchains or iptables [Recipe 2.7] if you want to keep the service runnable but restrict the network source addresses allowed to invoke it. Specific services might also have their own, program-level controls for restricting allowed client addresses.
See Also
xinetd(8). The xinetd home page is http://www.synack.net/xinetd.